In our current security model, a user with DATA:MANAGE can create regions, disk stores, WAN gateways, etc. This is a very wide scope, because an administrator may want to give the create-region privilege to a developer, but not necessarily give them the ability to create disk stores or send the data in that region over WAN. I propose that we refine the security model to make it finer grained.

I propose that only Region should belong to the DATA resource, and that everything else (i.e. Disk, GATEWAYS, DEPLOY, Queries, etc.) be treated as CLUSTER resources in the security framework. As with any other resource, admins will be able to grant READ, WRITE and MANAGE permissions on these resources. In terms of Shiro, this will take the form: CLUSTER:READ/WRITE/MANAGE:DISK,WAN,ASYNCQUEUE.

Brief description of resources:

DISK: ability to manage diskstores/create regions that will write to disk stores

GATEWAY: ability to manage gateway senders and receivers and create regions that use gateways

Examples:

Here is how it will work out for the DISK resource:

1. CLUSTER:MANAGE:DISK - allows users to create/manage disk stores
2. CLUSTER:WRITE:DISK - allows users to create regions that write/overflow to disk stores
3. CLUSTER:READ:DISK - should be covered by DATA:READ, does not make sense here
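The following is an added example, not part of the original proposal or the project's code: it evaluates the proposed permission strings with Shiro's `WildcardPermission` to show which operations a role would be allowed. The two roles, the class name and the `allowed` helper are assumptions made for illustration, and the resource names DISK and GATEWAY are taken from the descriptions above.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

import java.util.List;

public class FinerGrainedPermissionDemo {

    // True if at least one granted permission implies the required one,
    // using Shiro's wildcard matching (parts split on ':', alternatives on ',').
    static boolean allowed(List<Permission> granted, String required) {
        Permission needed = new WildcardPermission(required);
        return granted.stream().anyMatch(g -> g.implies(needed));
    }

    public static void main(String[] args) {
        // Constructed role: a developer who may create regions, including
        // regions that write to disk, but may not manage disk stores or gateways.
        List<Permission> developer = List.of(
                new WildcardPermission("DATA:MANAGE"),
                new WildcardPermission("CLUSTER:WRITE:DISK"));

        // Constructed role: an operator who manages disk stores and gateways
        // but holds no permission on region data.
        List<Permission> operator = List.of(
                new WildcardPermission("CLUSTER:MANAGE:DISK,GATEWAY"));

        // Permission strings from the proposal that an operation would require.
        String[] required = {
                "DATA:MANAGE",            // create a region
                "CLUSTER:WRITE:DISK",     // create a region that writes/overflows to disk
                "CLUSTER:MANAGE:DISK",    // create/manage disk stores
                "CLUSTER:MANAGE:GATEWAY", // manage gateway senders and receivers
        };

        System.out.printf("%-26s %-10s %-10s%n", "required", "developer", "operator");
        for (String r : required) {
            System.out.printf("%-26s %-10b %-10b%n",
                    r, allowed(developer, r), allowed(operator, r));
        }
    }
}
```

In Shiro's wildcard matching, a grant with fewer parts implies every permission that extends it, so an existing `CLUSTER:MANAGE` grant would still cover `CLUSTER:MANAGE:DISK`; role definitions that should be narrowed need the target part spelled out.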

Here is a revised list of permission strings. The ones that will change are highlighted below: